US6122740A - Method and apparatus for remote network access logging and reporting - Google Patents

Method and apparatus for remote network access logging and reporting Download PDF

Info

Publication number
US6122740A
US6122740A US08/769,373 US76937396A US6122740A US 6122740 A US6122740 A US 6122740A US 76937396 A US76937396 A US 76937396A US 6122740 A US6122740 A US 6122740A
Authority
US
United States
Prior art keywords
access
client system
log
request
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US08/769,373
Inventor
David B. Andersen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Priority to US08/769,373 priority Critical patent/US6122740A/en
Assigned to INTEL CORPORATION reassignment INTEL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ANDERSEN, DAVID B.
Priority to EP97952460A priority patent/EP1008087B1/en
Priority to PCT/US1997/023167 priority patent/WO1998027502A1/en
Priority to DE69728182T priority patent/DE69728182T2/en
Priority to AU56056/98A priority patent/AU5605698A/en
Application granted granted Critical
Publication of US6122740A publication Critical patent/US6122740A/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention pertains to the field of networks. More particularly, this invention relates to remote logging of accesses on a network.
  • a network refers to a system which can couple together two or more computer systems such that the systems can communicate with one another.
  • One problem that arises with the use of networks is that they allow individuals to access systems other than those they are supposed to be accessing. For example, children are able to access adult-oriented systems and employees are able to access non-work related systems.
  • One solution to the problem of individuals accessing systems other than those they are supposed to be accessing is to provide, on an individual's system, a list of unacceptable computer systems and prevent the individual from accessing any of the unacceptable systems.
  • Another solution is to maintain, on an individual's system, a record of systems which have been accessed by the individual and have a supervisor periodically check the record to identify inappropriate systems being accessed.
  • the present invention provides a method and apparatus for remote network access logging and reporting which achieves these and other desired results which will be apparent to those skilled in the art from the description that follows.
  • a method and apparatus for remote network access logging and reporting is described herein.
  • the present invention intercepts an access request at a client system on a network and sends log data identifying the access request to a log server on the network.
  • the client system receives an access list from the log server and compares the access request to the access list. In this embodiment, access to the host system is allowed only if the request does not conflict with the access list. According to another embodiment of the present invention, the client system receives an access list from the log server and compares the access request to the access list. In this embodiment, the log data is sent to the log server only if the request conflicts with the access list.
  • FIG. 1 is a block diagram illustrating a network environment in which the present invention may be practiced
  • FIG. 2 is a simplified block diagram illustrating a system architecture such as may be used with one embodiment of the present invention
  • FIG. 3 is a flowchart illustrating the steps followed in logging network accesses according to one embodiment of the present invention
  • FIG. 4 is a flowchart illustrating the steps followed in logging network accesses according to an alternate embodiment of the present invention
  • FIG. 5 is a functional block diagram illustrating a log server according to one embodiment of the present invention.
  • FIG. 6 is a flowchart illustrating the steps taken in recording data at a log server according to one embodiment of the present invention
  • FIG. 7 is a flowchart illustrating the steps followed in reporting log data according to one embodiment of the present invention.
  • FIG. 8 illustrates a display of log data such as may be displayed according to one embodiment of the present invention.
  • FIG. 9 illustrates one embodiment of a hardware system suitable for use with the present invention.
  • the present invention provides a method and apparatus for remote network access logging and reporting.
  • log data regarding the request is transferred to and saved at a remote system. This saved data is then made available for an authorized individual to review and thereby receive data regarding the user's network accesses.
  • FIG. 1 is a block diagram illustrating a network environment in which the present invention may be practiced.
  • network environment 100 includes multiple (N) client systems 110 and multiple (M) host systems 120, collectively referred to as network systems.
  • Network environment 100 also includes multiple (X) internet service providers (ISPs) 130, the Internet 140, and a log server 150.
  • ISPs internet service providers
  • Each client system 110 can be any of a wide range of computing devices which provide a user with the ability to access the internet 140.
  • Each ISP 130 is typically a computer system having a large amount of storage space (typically on the order of hundreds of gigabytes or terabytes) and multiple communication lines for accessing both the client systems 110 and the Internet 140.
  • Each host system 120 is also typically a computer system which can be accessed by the client systems 110.
  • each host system 120 includes one or more HyperText Markup Language (HTML) compatible web pages which can be accessed via the HyperText Transfer Protocol (HTTP) and displayed by an HTML compatible Internet browser running on a client system 110.
  • HTTP HyperText Transfer Protocol
  • an individual user can access a host system 120 by entering an identifier of a web page at that system, referred to as a Uniform Resource Locator (URL).
  • URL Uniform Resource Locator
  • each host system 120 may also contain one or more data files which can be accessed by the client systems 110. These data file(s) may be accessed via HTTP, or alternatively other protocols, such as the file transfer protocol (FTP).
  • FTP file transfer protocol
  • Each of the host systems 120 typically includes "site description" information.
  • the site description information for a host system 120 is a brief description identifying the information available from the host system. Examples of site description information include both keyword lists and abstracts.
  • each host system 120 can contain multiple HTML compatible web pages, and each web page can have its own site description information.
  • Log server 150 is also typically a computer system having a large amount of storage space for storing log data in accordance with the present invention. Log data is transferred to log server 150 from one or more client systems 110 and stored by log server 150 until the information is requested by a verified user, as discussed in more detail below. It is to be appreciated that although only a single log server 150 is illustrated in FIG. 1, any number of servers 150 can be coupled to the Internet 140.
  • the Internet 140 is a combination of multiple conventional hardware components, including computer systems, routers, repeaters, gateways, and communications links spread throughout the world. These hardware components are organized hierarchically to provide multiple logical levels of networks.
  • the hardware components of Internet 140 interact to route data from one computer system to another.
  • data is transferred between computer systems using the well-known Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • the data is typically transferred in units referred to as "packets" or "datagrams”.
  • packets typically transferred in units referred to as "packets" or "datagrams".
  • each packet includes data, a source address identifying the system which initiated the packet and a target address identifying the system to which the packet is to be sent. Additional control information, such as a checksum, may also be included in the packet.
  • the number of bytes of data contained within a packet is dependent on the network protocol being used.
  • the communication links illustrated in FIG. 1 may be any of a wide range of conventional communication media, and may be different for different systems 110, host systems 120, ISPs 130, and log servers 150.
  • a communication link may be a cable, a fiber-optic cable, or may represent a nonphysical medium transmitting electromagnetic signals in the electromagnetic spectrum.
  • a communication link may also include any number of conventional routing or repeating devices, such as satellites or electromagnetic signal repeaters.
  • client systems 110 and host systems 120 are illustrated as being different machines, a single hardware system may be both a client system and a host system. If the hardware system is initiating an access for information to another system then the hardware system is referred to as a client system. However, if the hardware system is being accessed by another system to obtain information from the hardware system then the hardware system is referred to as a host system.
  • additional networks may also be included in the network environment 100.
  • multiple client systems 110 may be coupled together in an Ethernet, token ring, or other conventional network and access an ISP 130 through this additional network.
  • FIG. 2 is a simplified block diagram illustrating a system architecture such as may be used with one embodiment of the present invention.
  • the system architecture includes a network browser 210, a Windows Sockets interface 220, a logging dynamic link library (DLL) 230, an access list 235, and a TCP/IP stack 240.
  • the elements of FIG. 2 are included on one or more client systems 10 of FIG. 1.
  • Network browser 210 provides a user interface, such as a graphical user interface (GUI), which allows an individual to send information to and receive information from another network system.
  • GUI graphical user interface
  • network browser 210 is an HTML compatible Internet browser, such as NavigatorTM, available from Netscape Communications of Mountain View, Calif. It is to be appreciated, however, that browser 210 can be any of a wide variety of conventional interfaces which allow an individual user to access other network systems.
  • Windows Sockets interface 220 is, according to one embodiment, a Windows Sockets 2 interface, as defined in the Windows Sockets 2 Service Provider Interface Specification, Revision 2.2.0, dated May 10, 1996, the Windows Sockets 2 Application Programming Interface, Revision 2.2.0, dated May 10, 1996, and the Windows Sockets 2 Protocol-Specific Annex, Revision 2.0.3, dated May 10, 1996.
  • the Windows Sockets interface 220 may be a Windows Sockets 1.1 interface, as defined in the Windows Sockets Interface Specification, Version 1.1, dated Jan. 20, 1993.
  • WinSock Interface 222 provides an application programming interface (API) which allows network browser 210 to communicate with Windows Sockets interface 220.
  • Service provider interface (SPI) 226 provides an interface which allows the service provider (for example, logging DLL 230 or TCP/IP stack 240) to communicate with Windows Sockets interface 220.
  • WinSock DLL 224 translates information received via interface 226 into the format expected by browser 210, and similarly translates information received via interface 222 into the format expected by entities that support the WinSock service provider interface, such as logging DLL 230 and TCP/IP stack 240.
  • logging DLL 230 Upon installation, logging DLL 230 calls the WSCInstallProvider function of Windows Sockets interface 220, identifying logging DLL 230 as the default destination for messages from interface 226 of Windows Sockets interface 220. Therefore, Windows Sockets interface 220 provides data from network browser 210 to logging DLL 230 rather than directly to TCP/IP stack 240. During operation, logging DLL 230 receives requests from Windows Sockets interface 220. The request as received from Windows Sockets interface 220 may be forwarded to TCP/IP stack 240, as discussed in more detail below.
  • the identifier of the host system being accessed may be extracted from the request and be included as the log data to be forwarded to log server 150 of FIG. 1, as discussed in more detail below. Additional log data may also be included by logging DLL 230, such as the date of the access, the time of the access, the elapsed time since the last host system was accessed, etc. Furthermore, according to one embodiment of the present invention, logging DLL 230 can provide site description information as part of the log data. For example, browser 210 may maintain a list of keywords or abstracts of certain sites being accessed by the individual user. If this list is maintained, then the keywords or abstract of the host system being accessed is included as part of the log data.
  • Temporary access list 235 is a list of host systems which are not to be accessed by the user of the system. Alternatively, access list 235 may be a list of only those systems which can be accessed by the user. In the illustrated embodiment access list 235 is obtained from log server 150 and is stored in volatile memory, such as the random access memory (RAM) of the system.
  • RAM random access memory
  • TCP/IP stack 240 supports the WinSock service provider interface 226 and thus can communicate with both Windows Sockets interface 220 and logging DLL 230, as well as the Internet. Requests to access network systems, as well as packets of log data destined for log server 150, are received by TCP/IP stack 240 and forwarded to the targeted location as input/output 250. Additionally, packets of data received from external sources are received as input/output 250 and forwarded to Windows Sockets interface 220 by TCP/IP stack 240.
  • logging DLL 230 is illustrated in FIG. 2 as being implemented between Windows Sockets interface 220 and TCP/IP stack 240, the present invention could be implemented in any of a wide variety of conventional manners.
  • the present invention could be implemented as a series of software routines executing in network browser 210.
  • FIG. 3 is a flowchart illustrating the steps followed in logging network accesses according to one embodiment of the present invention.
  • the logging DLL executing on a client system retrieves an access list from a logging server and stores the access list locally on the client system, step 305.
  • this retrieval is performed when the logging DLL begins running.
  • this retrieval can be performed at different times, such as at periodic periods after the logging DLL begins running.
  • the logging DLL is able to receive requests from a user (via the network browser).
  • the logging DLL receives a request to access a host system, step 310, and compares the host system to the locally stored access list, step 315.
  • the logging DLL then checks whether the request conflicts with the access list, step 320. If the request does not conflict with the access list, then the logging DLL forwards the request to the host system (via TCP/IP stack 240 of FIG. 2), step 330. However, if the request does conflict with the access list, then the logging DLL sends log data for the request to the logging server, step 325, as well as forwarding the request to the host system, step 330.
  • this log data can include any of a wide range of data including the identification of the requested host system, the date and time of the request, etc.
  • the access list includes a list of network identifiers which are not to be accessed by the user of the system. An identifier received in step 310 which is in this list conflicts with the list.
  • the access list is a list of words or phrases. If the host corresponding to the identifier received in step 310 contains any of the words or phrases (or alternatively, does not contain any of the words or phrases), then the identifier received in step 310 conflicts with the list.
  • Various host systems and possibly ISPs include search engines which enable an individual to search for particular host systems which include data of interest.
  • search engines often contain a list of words, such as a site description, which identify the information available from the host systems via the Internet.
  • the logging DLL on a client system could copy the site description information from a host system or a search engine and then use this copied list to identify conflicts. If the logging DLL receives an identifier corresponding to a host system which has words which are contained in the list, then a conflict is identified.
  • FIG. 4 is a flowchart illustrating the steps followed in logging network accesses according to an alternate embodiment of the present invention.
  • the logging DLL executing on a client system retrieves an access list from a logging server and stores the access list locally on the client system, step 405.
  • the logging DLL then receives a request to access a host system, step 410, compares the host system to the locally stored access list, step 415, and checks whether the request conflicts with the access list, step 420.
  • Steps 405, 410, 415 and 420 of FIG. 4 are analogous to Steps 305, 310, 315 and 320 of FIG. 3, respectively.
  • access to the requested host system is denied, step 425.
  • access is denied by the logging DLL not forwarding the request to TCP/IP stack 240 of FIG. 2.
  • the logging DLL ignores the request, and in one implementation returns a message to the user that access to the requested host system has been denied.
  • the logging DLL returns an indication to the user that the requested system could not be located. This indication is the same indication that the browser would receive if a particular system could not be accessed (for example, because the addressed location could not be found) so as not to alert the user to the operation of the present invention.
  • the logging DLL sends log data for the request to the logging server, step 430.
  • this log data can include any of a wide range of data, including the identification of the requested host system, the date and time of the request, etc.
  • the logging DLL also forwards the request to the host system (via TCP/IP stack 240 of FIG. 2), step 435.
  • FIG. 5 is a functional block diagram illustrating a log server according to one embodiment of the present invention.
  • the log server 150 illustrated in FIG. 5 includes log/access control 510, log data storage 520, and permanent access database 530.
  • Log/access control 510 controls the storage and retrieval of data in both log data storage 520 and permanent access database 530.
  • log data storage process 512 Upon receipt of log data from a client system, log data storage process 512 stores the received log data, as well as an identifier of the client system from which the log data was received, in log data storage 520. Log data storage process 512 also obtains site description information, if any, corresponding to the received log data as discussed in more detail below.
  • log data retrieval process 517 Upon receipt of a request for log data regarding a particular user or client system, log data retrieval process 517 verifies that the user is authorized to access the requested log data and forwards the requested log data to the user. Log data retrieval process 517 also organizes the requested log data, if necessary, to conform to the preferences of the requester.
  • Access database control process 527 controls the storage of access information to and retrieval of access information from permanent access database 530.
  • Permanent access database 530 stores access lists corresponding to particular client systems in nonvolatile memory.
  • control process 527 retrieves a copy of the requested access list from database 530 and returns the copy to the requester.
  • control process 527 performs the requested addition or removal.
  • FIG. 6 is a flowchart illustrating the steps taken in recording data at a log server according to one embodiment of the present invention.
  • the log server first receives log data from a client system, step 605.
  • the log data storage process checks whether the log data includes site description information, step 610. If the log data storage process does not include site description information, then the log data storage process accesses the host system identified in the log data in order to obtain site description information for that host system, step 615. After obtaining the site description information, either from the client system as part of the log data or in step 615, the log data storage process stores the log data, including the site description information, in a location corresponding to the user, step 620.
  • the log server can support multiple users and stores each of their information separately.
  • the log data storage process can obtain the site description information in any of a wide variety of manners.
  • the log data storage process could obtain the site description information from the host system, or alternatively the log data storage process could access a search engine on another host system or ISP to obtain the site description information.
  • the log data storage process obtains the site description information by sending a message to the host system (or search engine) identifying a particular host system and requesting either the list of key words for that system or an abstract for that system.
  • the site description information is not obtained by the log server.
  • steps 610 and 615 are not included, and the log data storage process stores whatever log data, if any, is sent to it by the client systems in step 605.
  • FIG. 7 is a flowchart illustrating the steps followed in reporting log data according to one embodiment of the present invention.
  • the log server first receives a request for the log data from a supervisor, step 705.
  • a "supervisor" refers to an individual user who wishes to access the log data from other users. This request can be received from any of the client systems 110 shown in FIG. 1.
  • the log data retrieval process then checks whether the supervisor is authorized to view the log data, step 710. This verification can be done in any of a wide variety of conventional manners, such as requiring a user identification and a password. If the supervisor is not authorized, then no data is transferred to the supervisor and the log server returns to accept another request in step 705. However, if the supervisor is authorized, then the log data retrieval process provides a summary of the log data to the supervisor, step 715.
  • the supervisor can set a user preference with the log server indicating the format that the summary of log data should be in.
  • one user preference is a hierarchical setting.
  • the log data retrieval process obtains all the log data for the specified user since the last time the supervisor checked the log data and then displays the log data hierarchically, as illustrated in FIG. 8.
  • a first web page 805 accessed may have an URL of "www.intel.com”.
  • the second web page 810 accessed may have an URL of "www.intel.com/intel/index.htm”
  • the third web page 815 accessed may have an URL of "www.intel.com/intel/contact/index.htm”.
  • the second web page 810 and the third web page 815 are displayed hierarchically as being below and offset from the first web page 805. It is to be appreciated that additional site description information (not shown) may also be displayed along with the URLs accessed.
  • a user may request chronological ordering, or alternatively only those host systems accessed with site descriptions that contain a particular one or more words identified by the supervisor.
  • the supervisor can also change the access list for the user.
  • a permanent access list is stored at the log server and is copied to the client system for temporary storage and use.
  • any changes to the permanent access list can be made by the supervisor when accessing the log server.
  • a supervisor need not access the log server in order to check the log data.
  • the log data retrieval process periodically sends the log data to the supervisor using electronic mail.
  • the log data retrieval process could compare log data to a predetermined list of words or sites at the log server (for example, the access list discussed above). If an access matches any of the words in the predetermined list of words, then the log data retrieval process could alert the supervisor to an inappropriate access.
  • the supervisor could be alerted in any of a wide range of manners, such as by sending an electronic mail message to the supervisor indicating the site that was accessed, by sending a wireless page to a conventional pager used by the supervisor, or by calling a phone number (e.g., for a cellular phone) used by the supervisor and playing an audible alert message.
  • a phone number e.g., for a cellular phone
  • FIG. 9 illustrates one embodiment of a hardware system suitable for use with the present invention.
  • each of the client systems 110, host systems 120, log server 150 illustrated in FIG. 1 are hardware systems 900 of FIG. 9.
  • hardware system 900 includes processor 902 and cache memory 904 coupled to each other as shown.
  • hardware system 900 includes high performance input/output (I/O) bus 906 and standard I/O bus 908.
  • Host bridge 910 couples processor 902 to high performance I/O bus 906, whereas I/O bus bridge 912 couples the two buses 906 and 908 to each other.
  • Coupled to bus 906 are network/communication interface 924, system memory 914, and video memory 916.
  • display device 918 is coupled to video memory 916.
  • Coupled to bus 908 is mass storage 920 and keyboard and pointing device 922.
  • network/communication interface 924 is used to provide communication between system 900 and any of a wide range of conventional networks, such as an Ethernet, token ring, the Internet, etc. It is to be appreciated that the circuitry of interface 924 is dependent on the type of network the system 900 is being coupled to.
  • Mass storage 920 is used to provide permanent storage for the data and programming instructions to implement the above described functions, whereas system memory 914 is used to provide temporary storage for the data and programming instructions when executed by processor 902.
  • Mass storage 920 may be provided with the programming instructions by loading the programming instructions from a distribution storage medium (not shown), or by downloading the programming distributions from a server (not shown) coupled to hardware system 900 via network/communication interface 924.
  • a distribution storage medium not shown
  • server not shown
  • network/communication interface 924 Collectively, these elements are intended to represent a broad category of hardware systems, including but not limited general purpose computer systems based on the Pentium® processor or Pentium® Pro processor, manufactured by Intel Corporation of Santa Clara, Calif.
  • cache 904 may be on-chip with processor 902.
  • certain implementations of the present invention may not require nor include all of the above components.
  • mass storage 920, keyboard and pointing device 922, and/or display device 918 and video memory 916 may not be included in system 900.
  • the peripheral devices shown coupled to standard I/O bus 908 may be coupled to high performance I/O bus 906; in addition, in some implementations only a single bus may exist with the components of hardware system 900 being coupled to the single bus.
  • additional components may be included in system 900, such as additional processors, storage devices, or memories.
  • the method and apparatus for remote network access logging and reporting discussed above is implemented as a series of software routines run by a hardware system of FIG. 9.
  • These software routines comprise a plurality or series of instructions to be executed by a processor in a hardware system, such as processor 902 of FIG. 9.
  • the series of instructions are stored on a storage device, such as mass storage 920.
  • the instructions are copied from storage device 920 into memory 914 and then accessed and executed by processor 902.
  • these software routines are written in the C++ programming language. It is to be appreciated, however, that these routines may be implemented in any of a wide variety of programming languages.
  • the present invention is implemented in discrete hardware or firmware. For example, an application specific integrated circuit (ASIC) could be programmed with the above described functions of the present invention.
  • ASIC application specific integrated circuit
  • the network environment is described as being the Internet. It is to be appreciated, however, that the present invention can be used with any type of network environment and is not limited to the Internet.
  • a client system 110 of FIG. 1 may be able to receive and display television programming.
  • the television channel and time and date of viewing could be transferred to the log server as the log data.
  • channel description information could also be forwarded, such as selected text from the closed captioning information, or an electronic television guide which could be transferred during the vertical blanking interval, or data from a preview channel.
  • the present invention provides a method and apparatus for remote network access logging and reporting.
  • a record of log data identifying at least the host systems accessed, as well as possibly additional information, can be advantageously maintained at a remote location.
  • the remote location can then be accessed by a supervisor at will, yet the data cannot be altered by an individual user because the data is stored remotely.
  • access to particular host systems can advantageously be prevented based on an access list which is obtained from a remote location at the time the present invention begins running.
  • the access list is maintained remotely, thereby inhibiting an individual who may attempt to alter the list.

Abstract

A method and apparatus for remote network access logging and reporting intercepts an access request at a client system on a network and sends log data identifying the access request to a log server on the network. According to one embodiment, the client system receives an access list from the log server and compares the access request to the access list. In this embodiment, access to the host system is allowed only if the request does not conflict with the access list. According to another embodiment, the client system receives an access list from the log server and compares the access request to the access list. In this embodiment, the log data is sent to the log server only if the request conflicts with the access list.

Description

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention pertains to the field of networks. More particularly, this invention relates to remote logging of accesses on a network.
2. Background
As computer technology has advanced the use of networks has continually increased. A network refers to a system which can couple together two or more computer systems such that the systems can communicate with one another. One problem that arises with the use of networks is that they allow individuals to access systems other than those they are supposed to be accessing. For example, children are able to access adult-oriented systems and employees are able to access non-work related systems.
One solution to the problem of individuals accessing systems other than those they are supposed to be accessing is to provide, on an individual's system, a list of unacceptable computer systems and prevent the individual from accessing any of the unacceptable systems. Another solution is to maintain, on an individual's system, a record of systems which have been accessed by the individual and have a supervisor periodically check the record to identify inappropriate systems being accessed.
However, one problem with both of these solutions is that the user, especially a knowledgeable computer user, could access the appropriate lists or records on his or her system and modify them to his or her own choosing. Thus, it would be beneficial to maintain a log of accesses to inappropriate systems, as well as possibly providing a way to prohibit access to such systems, which would be inaccessible to a system user.
As will be described in more detail below the present invention provides a method and apparatus for remote network access logging and reporting which achieves these and other desired results which will be apparent to those skilled in the art from the description that follows.
SUMMARY OF THE INVENTION
A method and apparatus for remote network access logging and reporting is described herein. The present invention intercepts an access request at a client system on a network and sends log data identifying the access request to a log server on the network.
According to one embodiment of the present invention, the client system receives an access list from the log server and compares the access request to the access list. In this embodiment, access to the host system is allowed only if the request does not conflict with the access list. According to another embodiment of the present invention, the client system receives an access list from the log server and compares the access request to the access list. In this embodiment, the log data is sent to the log server only if the request conflicts with the access list.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements and in which:
FIG. 1 is a block diagram illustrating a network environment in which the present invention may be practiced;
FIG. 2 is a simplified block diagram illustrating a system architecture such as may be used with one embodiment of the present invention;
FIG. 3 is a flowchart illustrating the steps followed in logging network accesses according to one embodiment of the present invention;
FIG. 4 is a flowchart illustrating the steps followed in logging network accesses according to an alternate embodiment of the present invention;
FIG. 5 is a functional block diagram illustrating a log server according to one embodiment of the present invention;
FIG. 6 is a flowchart illustrating the steps taken in recording data at a log server according to one embodiment of the present invention;
FIG. 7 is a flowchart illustrating the steps followed in reporting log data according to one embodiment of the present invention;
FIG. 8 illustrates a display of log data such as may be displayed according to one embodiment of the present invention; and
FIG. 9 illustrates one embodiment of a hardware system suitable for use with the present invention.
DETAILED DESCRIPTION
In the following description, various aspects of the present invention will be described. However, it will be understood by those skilled in the art that the present invention may be practiced with only some or all aspects of the present invention. For purposes of explanation, specific numbers, materials and configurations are set forth in order to provide a thorough understanding of the present invention. However, it will also be apparent to those skilled in the art that the present invention may be practiced without these specific details.
Some portions of the detailed descriptions which follow are presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present invention, discussions utilizing terms such as "processing" or "computing" or "calculating" or "determining" or "displaying" or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
The present invention provides a method and apparatus for remote network access logging and reporting. When an access to a network system is made by a user, log data regarding the request is transferred to and saved at a remote system. This saved data is then made available for an authorized individual to review and thereby receive data regarding the user's network accesses.
FIG. 1 is a block diagram illustrating a network environment in which the present invention may be practiced. As illustrated, network environment 100 includes multiple (N) client systems 110 and multiple (M) host systems 120, collectively referred to as network systems. Network environment 100 also includes multiple (X) internet service providers (ISPs) 130, the Internet 140, and a log server 150. Each client system 110 can be any of a wide range of computing devices which provide a user with the ability to access the internet 140.
Each ISP 130 is typically a computer system having a large amount of storage space (typically on the order of hundreds of gigabytes or terabytes) and multiple communication lines for accessing both the client systems 110 and the Internet 140.
Each host system 120 is also typically a computer system which can be accessed by the client systems 110. According to one embodiment, each host system 120 includes one or more HyperText Markup Language (HTML) compatible web pages which can be accessed via the HyperText Transfer Protocol (HTTP) and displayed by an HTML compatible Internet browser running on a client system 110. In this embodiment, an individual user can access a host system 120 by entering an identifier of a web page at that system, referred to as a Uniform Resource Locator (URL). In addition, each host system 120 may also contain one or more data files which can be accessed by the client systems 110. These data file(s) may be accessed via HTTP, or alternatively other protocols, such as the file transfer protocol (FTP).
Each of the host systems 120 typically includes "site description" information. The site description information for a host system 120 is a brief description identifying the information available from the host system. Examples of site description information include both keyword lists and abstracts. In one embodiment, each host system 120 can contain multiple HTML compatible web pages, and each web page can have its own site description information.
Log server 150 is also typically a computer system having a large amount of storage space for storing log data in accordance with the present invention. Log data is transferred to log server 150 from one or more client systems 110 and stored by log server 150 until the information is requested by a verified user, as discussed in more detail below. It is to be appreciated that although only a single log server 150 is illustrated in FIG. 1, any number of servers 150 can be coupled to the Internet 140.
The Internet 140 is a combination of multiple conventional hardware components, including computer systems, routers, repeaters, gateways, and communications links spread throughout the world. These hardware components are organized hierarchically to provide multiple logical levels of networks. The hardware components of Internet 140 interact to route data from one computer system to another. According to one implementation, data is transferred between computer systems using the well-known Transmission Control Protocol/Internet Protocol (TCP/IP) protocol. The data is typically transferred in units referred to as "packets" or "datagrams". Typically, each packet includes data, a source address identifying the system which initiated the packet and a target address identifying the system to which the packet is to be sent. Additional control information, such as a checksum, may also be included in the packet. The number of bytes of data contained within a packet is dependent on the network protocol being used.
The communication links illustrated in FIG. 1 may be any of a wide range of conventional communication media, and may be different for different systems 110, host systems 120, ISPs 130, and log servers 150. For example, a communication link may be a cable, a fiber-optic cable, or may represent a nonphysical medium transmitting electromagnetic signals in the electromagnetic spectrum. Additionally, a communication link may also include any number of conventional routing or repeating devices, such as satellites or electromagnetic signal repeaters.
It is to be appreciated that although the client systems 110 and host systems 120 are illustrated as being different machines, a single hardware system may be both a client system and a host system. If the hardware system is initiating an access for information to another system then the hardware system is referred to as a client system. However, if the hardware system is being accessed by another system to obtain information from the hardware system then the hardware system is referred to as a host system.
It is to be appreciated that additional networks may also be included in the network environment 100. For example, multiple client systems 110 may be coupled together in an Ethernet, token ring, or other conventional network and access an ISP 130 through this additional network.
FIG. 2 is a simplified block diagram illustrating a system architecture such as may be used with one embodiment of the present invention. As shown, the system architecture includes a network browser 210, a Windows Sockets interface 220, a logging dynamic link library (DLL) 230, an access list 235, and a TCP/IP stack 240. According to one embodiment of the present invention, the elements of FIG. 2 are included on one or more client systems 10 of FIG. 1.
Network browser 210 provides a user interface, such as a graphical user interface (GUI), which allows an individual to send information to and receive information from another network system. According to one embodiment of the present invention, network browser 210 is an HTML compatible Internet browser, such as Navigator™, available from Netscape Communications of Mountain View, Calif. It is to be appreciated, however, that browser 210 can be any of a wide variety of conventional interfaces which allow an individual user to access other network systems.
Windows Sockets interface 220 is, according to one embodiment, a Windows Sockets 2 interface, as defined in the Windows Sockets 2 Service Provider Interface Specification, Revision 2.2.0, dated May 10, 1996, the Windows Sockets 2 Application Programming Interface, Revision 2.2.0, dated May 10, 1996, and the Windows Sockets 2 Protocol-Specific Annex, Revision 2.0.3, dated May 10, 1996. Alternatively, the Windows Sockets interface 220 may be a Windows Sockets 1.1 interface, as defined in the Windows Sockets Interface Specification, Version 1.1, dated Jan. 20, 1993.
WinSock Interface 222 provides an application programming interface (API) which allows network browser 210 to communicate with Windows Sockets interface 220. Service provider interface (SPI) 226 provides an interface which allows the service provider (for example, logging DLL 230 or TCP/IP stack 240) to communicate with Windows Sockets interface 220. WinSock DLL 224 translates information received via interface 226 into the format expected by browser 210, and similarly translates information received via interface 222 into the format expected by entities that support the WinSock service provider interface, such as logging DLL 230 and TCP/IP stack 240.
Upon installation, logging DLL 230 calls the WSCInstallProvider function of Windows Sockets interface 220, identifying logging DLL 230 as the default destination for messages from interface 226 of Windows Sockets interface 220. Therefore, Windows Sockets interface 220 provides data from network browser 210 to logging DLL 230 rather than directly to TCP/IP stack 240. During operation, logging DLL 230 receives requests from Windows Sockets interface 220. The request as received from Windows Sockets interface 220 may be forwarded to TCP/IP stack 240, as discussed in more detail below. Additionally, the identifier of the host system being accessed, for example the URL of the host system being accessed, may be extracted from the request and be included as the log data to be forwarded to log server 150 of FIG. 1, as discussed in more detail below. Additional log data may also be included by logging DLL 230, such as the date of the access, the time of the access, the elapsed time since the last host system was accessed, etc. Furthermore, according to one embodiment of the present invention, logging DLL 230 can provide site description information as part of the log data. For example, browser 210 may maintain a list of keywords or abstracts of certain sites being accessed by the individual user. If this list is maintained, then the keywords or abstract of the host system being accessed is included as part of the log data.
Additionally, logging DLL 230 is also coupled to a temporary access list 235. Temporary access list 235 is a list of host systems which are not to be accessed by the user of the system. Alternatively, access list 235 may be a list of only those systems which can be accessed by the user. In the illustrated embodiment access list 235 is obtained from log server 150 and is stored in volatile memory, such as the random access memory (RAM) of the system. The use of access list 235 by logging DLL 230 is discussed in more detail below. It should be noted that the data in temporary access list 235 could also be encrypted in any of a wide variety of conventional manners, and decrypted by logging DLL 230 whenever accessed.
TCP/IP stack 240 supports the WinSock service provider interface 226 and thus can communicate with both Windows Sockets interface 220 and logging DLL 230, as well as the Internet. Requests to access network systems, as well as packets of log data destined for log server 150, are received by TCP/IP stack 240 and forwarded to the targeted location as input/output 250. Additionally, packets of data received from external sources are received as input/output 250 and forwarded to Windows Sockets interface 220 by TCP/IP stack 240.
It is to be appreciated that although the present invention is described with reference to the Windows Sockets interface and as conforming to the TCP/IP protocol, the present invention can be used with any of a wide range of conventional network protocols.
It is also to be appreciated that although logging DLL 230 is illustrated in FIG. 2 as being implemented between Windows Sockets interface 220 and TCP/IP stack 240, the present invention could be implemented in any of a wide variety of conventional manners. For example, the present invention could be implemented as a series of software routines executing in network browser 210.
FIG. 3 is a flowchart illustrating the steps followed in logging network accesses according to one embodiment of the present invention. Initially, the logging DLL executing on a client system retrieves an access list from a logging server and stores the access list locally on the client system, step 305. In the illustrated embodiment, this retrieval is performed when the logging DLL begins running. However, it is to be appreciated that in alternate embodiments this retrieval can be performed at different times, such as at periodic periods after the logging DLL begins running.
Once the access list is retrieved, the logging DLL is able to receive requests from a user (via the network browser). The logging DLL receives a request to access a host system, step 310, and compares the host system to the locally stored access list, step 315. The logging DLL then checks whether the request conflicts with the access list, step 320. If the request does not conflict with the access list, then the logging DLL forwards the request to the host system (via TCP/IP stack 240 of FIG. 2), step 330. However, if the request does conflict with the access list, then the logging DLL sends log data for the request to the logging server, step 325, as well as forwarding the request to the host system, step 330. As discussed above, this log data can include any of a wide range of data including the identification of the requested host system, the date and time of the request, etc.
It is to be appreciated that a conflict, as checked for in step 320, can be identified in any of a wide range of conventional manners. According to one implementation, the access list includes a list of network identifiers which are not to be accessed by the user of the system. An identifier received in step 310 which is in this list conflicts with the list. According to another implementation, the access list is a list of words or phrases. If the host corresponding to the identifier received in step 310 contains any of the words or phrases (or alternatively, does not contain any of the words or phrases), then the identifier received in step 310 conflicts with the list. Various host systems and possibly ISPs include search engines which enable an individual to search for particular host systems which include data of interest. These search engines often contain a list of words, such as a site description, which identify the information available from the host systems via the Internet. The logging DLL on a client system could copy the site description information from a host system or a search engine and then use this copied list to identify conflicts. If the logging DLL receives an identifier corresponding to a host system which has words which are contained in the list, then a conflict is identified.
FIG. 4 is a flowchart illustrating the steps followed in logging network accesses according to an alternate embodiment of the present invention. Initially, the logging DLL executing on a client system retrieves an access list from a logging server and stores the access list locally on the client system, step 405. The logging DLL then receives a request to access a host system, step 410, compares the host system to the locally stored access list, step 415, and checks whether the request conflicts with the access list, step 420. Steps 405, 410, 415 and 420 of FIG. 4 are analogous to Steps 305, 310, 315 and 320 of FIG. 3, respectively.
If the request is identified as conflicting with the access list in step 420, then access to the requested host system is denied, step 425. In one embodiment, access is denied by the logging DLL not forwarding the request to TCP/IP stack 240 of FIG. 2. The logging DLL ignores the request, and in one implementation returns a message to the user that access to the requested host system has been denied. In an alternate implementation, the logging DLL returns an indication to the user that the requested system could not be located. This indication is the same indication that the browser would receive if a particular system could not be accessed (for example, because the addressed location could not be found) so as not to alert the user to the operation of the present invention.
Returning to step 420, if the request does not conflict with the access list, then the logging DLL sends log data for the request to the logging server, step 430. As discussed above, this log data can include any of a wide range of data, including the identification of the requested host system, the date and time of the request, etc. The logging DLL also forwards the request to the host system (via TCP/IP stack 240 of FIG. 2), step 435.
FIG. 5 is a functional block diagram illustrating a log server according to one embodiment of the present invention. The log server 150 illustrated in FIG. 5 includes log/access control 510, log data storage 520, and permanent access database 530. Log/access control 510 controls the storage and retrieval of data in both log data storage 520 and permanent access database 530.
Upon receipt of log data from a client system, log data storage process 512 stores the received log data, as well as an identifier of the client system from which the log data was received, in log data storage 520. Log data storage process 512 also obtains site description information, if any, corresponding to the received log data as discussed in more detail below.
Upon receipt of a request for log data regarding a particular user or client system, log data retrieval process 517 verifies that the user is authorized to access the requested log data and forwards the requested log data to the user. Log data retrieval process 517 also organizes the requested log data, if necessary, to conform to the preferences of the requester.
Access database control process 527 controls the storage of access information to and retrieval of access information from permanent access database 530. Permanent access database 530 stores access lists corresponding to particular client systems in nonvolatile memory. Upon receiving a request for an access list, control process 527 retrieves a copy of the requested access list from database 530 and returns the copy to the requester. Similarly, upon receiving a request to add or remove host systems from a particular access list, control process 527 performs the requested addition or removal.
FIG. 6 is a flowchart illustrating the steps taken in recording data at a log server according to one embodiment of the present invention. The log server first receives log data from a client system, step 605. The log data storage process then checks whether the log data includes site description information, step 610. If the log data storage process does not include site description information, then the log data storage process accesses the host system identified in the log data in order to obtain site description information for that host system, step 615. After obtaining the site description information, either from the client system as part of the log data or in step 615, the log data storage process stores the log data, including the site description information, in a location corresponding to the user, step 620. In the illustrated embodiment, the log server can support multiple users and stores each of their information separately.
The log data storage process can obtain the site description information in any of a wide variety of manners. For example, the log data storage process could obtain the site description information from the host system, or alternatively the log data storage process could access a search engine on another host system or ISP to obtain the site description information. According to one implementation, the log data storage process obtains the site description information by sending a message to the host system (or search engine) identifying a particular host system and requesting either the list of key words for that system or an abstract for that system.
In an alternate embodiment, the site description information is not obtained by the log server. In this embodiment, steps 610 and 615 are not included, and the log data storage process stores whatever log data, if any, is sent to it by the client systems in step 605.
FIG. 7 is a flowchart illustrating the steps followed in reporting log data according to one embodiment of the present invention. The log server first receives a request for the log data from a supervisor, step 705. A "supervisor" refers to an individual user who wishes to access the log data from other users. This request can be received from any of the client systems 110 shown in FIG. 1. The log data retrieval process then checks whether the supervisor is authorized to view the log data, step 710. This verification can be done in any of a wide variety of conventional manners, such as requiring a user identification and a password. If the supervisor is not authorized, then no data is transferred to the supervisor and the log server returns to accept another request in step 705. However, if the supervisor is authorized, then the log data retrieval process provides a summary of the log data to the supervisor, step 715.
According to one embodiment of the present invention, the supervisor can set a user preference with the log server indicating the format that the summary of log data should be in. According to one implementation, one user preference is a hierarchical setting. The log data retrieval process obtains all the log data for the specified user since the last time the supervisor checked the log data and then displays the log data hierarchically, as illustrated in FIG. 8. As illustrated, a first web page 805 accessed may have an URL of "www.intel.com". The second web page 810 accessed may have an URL of "www.intel.com/intel/index.htm", and the third web page 815 accessed may have an URL of "www.intel.com/intel/contact/index.htm". Thus, as illustrated, the second web page 810 and the third web page 815 are displayed hierarchically as being below and offset from the first web page 805. It is to be appreciated that additional site description information (not shown) may also be displayed along with the URLs accessed.
It is to be appreciated that other user preferences can also be set. For example, a user may request chronological ordering, or alternatively only those host systems accessed with site descriptions that contain a particular one or more words identified by the supervisor.
According to one embodiment of the present invention, once authorization for the supervisor to access the log data has been verified, the supervisor can also change the access list for the user. As discussed above, a permanent access list is stored at the log server and is copied to the client system for temporary storage and use. Thus, any changes to the permanent access list can be made by the supervisor when accessing the log server.
Additionally, according to one embodiment of the present invention, a supervisor need not access the log server in order to check the log data. In this embodiment, the log data retrieval process periodically sends the log data to the supervisor using electronic mail. Alternatively, the log data retrieval process could compare log data to a predetermined list of words or sites at the log server (for example, the access list discussed above). If an access matches any of the words in the predetermined list of words, then the log data retrieval process could alert the supervisor to an inappropriate access. The supervisor could be alerted in any of a wide range of manners, such as by sending an electronic mail message to the supervisor indicating the site that was accessed, by sending a wireless page to a conventional pager used by the supervisor, or by calling a phone number (e.g., for a cellular phone) used by the supervisor and playing an audible alert message.
FIG. 9 illustrates one embodiment of a hardware system suitable for use with the present invention. In one embodiment, each of the client systems 110, host systems 120, log server 150 illustrated in FIG. 1 are hardware systems 900 of FIG. 9. In the illustrated embodiment, hardware system 900 includes processor 902 and cache memory 904 coupled to each other as shown. Additionally, hardware system 900 includes high performance input/output (I/O) bus 906 and standard I/O bus 908. Host bridge 910 couples processor 902 to high performance I/O bus 906, whereas I/O bus bridge 912 couples the two buses 906 and 908 to each other. Coupled to bus 906 are network/communication interface 924, system memory 914, and video memory 916. In turn, display device 918 is coupled to video memory 916. Coupled to bus 908 is mass storage 920 and keyboard and pointing device 922.
These elements 902-922 perform their conventional functions known in the art. In particular, network/communication interface 924 is used to provide communication between system 900 and any of a wide range of conventional networks, such as an Ethernet, token ring, the Internet, etc. It is to be appreciated that the circuitry of interface 924 is dependent on the type of network the system 900 is being coupled to.
Mass storage 920 is used to provide permanent storage for the data and programming instructions to implement the above described functions, whereas system memory 914 is used to provide temporary storage for the data and programming instructions when executed by processor 902. Mass storage 920 may be provided with the programming instructions by loading the programming instructions from a distribution storage medium (not shown), or by downloading the programming distributions from a server (not shown) coupled to hardware system 900 via network/communication interface 924. Collectively, these elements are intended to represent a broad category of hardware systems, including but not limited general purpose computer systems based on the Pentium® processor or Pentium® Pro processor, manufactured by Intel Corporation of Santa Clara, Calif.
It is to be appreciated that various components of hardware system 900 may be rearranged. For example, cache 904 may be on-chip with processor 902. Furthermore, certain implementations of the present invention may not require nor include all of the above components. For example, mass storage 920, keyboard and pointing device 922, and/or display device 918 and video memory 916 may not be included in system 900. Additionally, the peripheral devices shown coupled to standard I/O bus 908 may be coupled to high performance I/O bus 906; in addition, in some implementations only a single bus may exist with the components of hardware system 900 being coupled to the single bus. Furthermore, additional components may be included in system 900, such as additional processors, storage devices, or memories.
In one embodiment, the method and apparatus for remote network access logging and reporting discussed above is implemented as a series of software routines run by a hardware system of FIG. 9. These software routines comprise a plurality or series of instructions to be executed by a processor in a hardware system, such as processor 902 of FIG. 9. Initially, the series of instructions are stored on a storage device, such as mass storage 920. The instructions are copied from storage device 920 into memory 914 and then accessed and executed by processor 902. In one implementation, these software routines are written in the C++ programming language. It is to be appreciated, however, that these routines may be implemented in any of a wide variety of programming languages. In alternate embodiments, the present invention is implemented in discrete hardware or firmware. For example, an application specific integrated circuit (ASIC) could be programmed with the above described functions of the present invention.
In several of the discussions above, the network environment is described as being the Internet. It is to be appreciated, however, that the present invention can be used with any type of network environment and is not limited to the Internet.
It is also to be appreciated that the present invention can be used for the remote logging of any of a wide variety of activities which can be engaged in on a client system. For example, a client system 110 of FIG. 1 may be able to receive and display television programming. Thus, the television channel and time and date of viewing could be transferred to the log server as the log data. Additionally, channel description information could also be forwarded, such as selected text from the closed captioning information, or an electronic television guide which could be transferred during the vertical blanking interval, or data from a preview channel.
Thus, the present invention provides a method and apparatus for remote network access logging and reporting. A record of log data identifying at least the host systems accessed, as well as possibly additional information, can be advantageously maintained at a remote location. The remote location can then be accessed by a supervisor at will, yet the data cannot be altered by an individual user because the data is stored remotely. Furthermore, access to particular host systems can advantageously be prevented based on an access list which is obtained from a remote location at the time the present invention begins running. Thus, the access list is maintained remotely, thereby inhibiting an individual who may attempt to alter the list.
Whereas many alterations and modifications of the present invention will be comprehended by a person skilled in the art after having read the foregoing description, it is to be understood that the particular embodiments shown and described by way of illustration are in no way intended to be considered limiting. References to details of particular embodiments are not intended to limit the scope of the claims.

Claims (19)

What is claimed is:
1. A method comprising:
intercepting an access request at a client system to access information at a host system on a network, said access request originating at the client system;
sending log data from the client system to a log server on the network, said log data to identify the access request; and
receiving an access summary from the log server that summarizes at least a portion of the log data received from the client system.
2. The method of claim 1, wherein the access request is a request to access a world wide web page on the host system.
3. The method of claim 1, further comprising:
receiving an access list at the client system from the log server;
comparing the access request to the access list; and
initiating an access from the client system to the host system only if the access request does not conflict with the access list.
4. The method of claim 1, further comprising
the log server accessing the host system in response to the log server receiving the log data from the client system; and
the log server obtaining site description information regarding the host system from the host system.
5. The method of claim 1, wherein the sending comprises:
comparing the access request at the client system to an access list received from the log server; and
sending the log data from the client system to the log server only if the access request conflicts with the access list.
6. The method of claim 1, wherein the log data identifies a source of the access request and site description information corresponding to the access request.
7. The method of claim 1, further comprising:
the log server comparing the log data to a plurality of predetermined host systems; and
the log server alerting a predetermined user in response to the log data matching at least one of the plurality of predetermined host systems.
8. The method of claim 7, wherein the alerting comprises sending an electronic mail message to the predetermined user.
9. A machine-readable medium having stored thereon a plurality of instructions, designed to be executed by a processor, for implementing a function, implementation of the function comprising:
intercepting an access request at a client system to access information at a host system on a network, said access request originating at the client system;
sending log data from the client system to a log server on the network, said log data to identify the access request; and
receiving an access summary from the log server that summarizes at least a portion of the log data received from the client system.
10. The machine-readable medium of claim 9, wherein the access request is a request to access a specified file on the host system.
11. The machine-readable medium of claim 9, wherein implementation of the function further comprises:
receiving an access list at the client system from the log server;
comparing the access request to the access list; and
initiating an access from the client system to the host system only if the access request does not conflict with the access list.
12. The machine-readable medium of claim 9, wherein implementation of the function further comprises:
comparing the access request at the client system to an access list received from the log server; and
sending the log data from the client system to the log server only if the access request conflicts with the access list.
13. The system of claim 8 wherein the log server is further to store an access list, said client system to retrieve the access list from the log server and compare a first access request to the access list,
said client system to send first log data identifying the first access request to the log server only if the first access request conflicts with the access list.
14. An apparatus comprising:
an interface to intercept an access request at a client system to access information at a host system on a network, said access request originating at the client system; and
a logging process to send log data from the client system to a log server on the network, said log data to identify the access request, and said logging process to receive an access summary from the log server that summarizes at least a portion of the log data.
15. The apparatus of claim 14, wherein the access request is a request to access a particular file on the host system.
16. The apparatus of claim 14, wherein the logging process is also to retrieve an access list from the log server, compare the access request to the access list, and initiate an access from the client system to the host system only if the access request does not conflict with the access list.
17. The apparatus of claim 14, wherein the logging process is also to compare the access request at the client system to an access list received from the log server, and to send the log data to the log server only if the access request conflicts with the access list.
18. A system comprising:
a client system on a network to request access to information stored at a host system on the network; and
a log server on the network to store an access log for the client system, said client system to send log data to the log server for addition to the access log to identify access requests made by the client system, said log server to sent an access summary to the client system that summarizes at least a portion of the log data received from the client system.
19. A system comprising:
a client system on a network to request access to information stored at a host system on the network; and
a log server on the network to store an access list for the client system, said client system to retrieve the access list from the log server, compare a first access request to the access list, and initiate the first access request only if the first access request does not conflict with the access list, said log server further to store an access log for the client system, said client system to send log data to the log server for addition to the access log to identify access requests made by the client system, said client system further to send first log data identifying the first access request to the log server only if the first access request conflicts with the access list.
US08/769,373 1996-12-19 1996-12-19 Method and apparatus for remote network access logging and reporting Expired - Lifetime US6122740A (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US08/769,373 US6122740A (en) 1996-12-19 1996-12-19 Method and apparatus for remote network access logging and reporting
EP97952460A EP1008087B1 (en) 1996-12-19 1997-12-01 Method and apparatus for remote network access logging and reporting
PCT/US1997/023167 WO1998027502A1 (en) 1996-12-19 1997-12-01 Method and apparatus for remote network access logging and reporting
DE69728182T DE69728182T2 (en) 1996-12-19 1997-12-01 METHOD AND DEVICE FOR REMOVING NETWORK ACCESS ENTRY AND NETWORK ACCESS REPORT
AU56056/98A AU5605698A (en) 1996-12-19 1997-12-01 Method and apparatus for remote network access logging and reporting

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08/769,373 US6122740A (en) 1996-12-19 1996-12-19 Method and apparatus for remote network access logging and reporting

Publications (1)

Publication Number Publication Date
US6122740A true US6122740A (en) 2000-09-19

Family

ID=25085252

Family Applications (1)

Application Number Title Priority Date Filing Date
US08/769,373 Expired - Lifetime US6122740A (en) 1996-12-19 1996-12-19 Method and apparatus for remote network access logging and reporting

Country Status (5)

Country Link
US (1) US6122740A (en)
EP (1) EP1008087B1 (en)
AU (1) AU5605698A (en)
DE (1) DE69728182T2 (en)
WO (1) WO1998027502A1 (en)

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010025301A1 (en) * 2000-02-09 2001-09-27 Anderson Keith R. Packet prioritization protocol for a large-scale, high speed computer network
US6314386B1 (en) * 1997-10-15 2001-11-06 Venture Union Inc. Site access log analyzing method and method of displaying the same
US6381632B1 (en) * 1996-09-10 2002-04-30 Youpowered, Inc. Method and apparatus for tracking network usage
US20020103797A1 (en) * 2000-08-08 2002-08-01 Surendra Goel Displaying search results
US6549944B1 (en) * 1996-10-15 2003-04-15 Mercury Interactive Corporation Use of server access logs to generate scripts and scenarios for exercising and evaluating performance of web sites
US20030105815A1 (en) * 2001-12-05 2003-06-05 Ibm Corporation Apparatus and method for monitoring and analyzing instant messaging account transcripts
US20030233447A1 (en) * 2002-06-13 2003-12-18 International Business Machines Corporation Apparatus and methods for monitoring content requested by a client device
US20040003075A1 (en) * 1998-02-09 2004-01-01 Reuters, Ltd. Market data domain and enterprise system implemented by a master entitlement processor
US20040083372A1 (en) * 2002-10-19 2004-04-29 Hewlett-Packard Development Company, L.C. Propagation of viruses through an information technology network
US20040123158A1 (en) * 2002-12-18 2004-06-24 James Roskind Using trusted communication channel to combat user name/password theft
WO2004086726A1 (en) * 2003-03-24 2004-10-07 Savantis Systems, Inc. Network service security
US20040218615A1 (en) * 2003-04-29 2004-11-04 Hewlett-Packard Development Company, L.P. Propagation of viruses through an information technology network
US6836799B1 (en) * 1998-09-11 2004-12-28 L.V. Partners, L.P. Method and apparatus for tracking user profile and habits on a global network
US20050114218A1 (en) * 1996-01-17 2005-05-26 Privacy Infrastructure, Inc. Third party privacy system
US20050198323A1 (en) * 2002-03-06 2005-09-08 Arvind Ramaswamy Method and system for a network management console
US7072407B2 (en) 2000-01-31 2006-07-04 Brookline Flolmstead Llc Combination power and full duplex data cable
US20060184515A1 (en) * 2000-08-08 2006-08-17 America Online, Inc., A Delaware Corporation Category searching
US20060242294A1 (en) * 2005-04-04 2006-10-26 Damick Jeffrey J Router-host logging
US20060242128A1 (en) * 2000-08-08 2006-10-26 Surendra Goel Searching content on web pages
US20060265468A1 (en) * 2004-09-07 2006-11-23 Iwanski Jerry S System and method for accessing host computer via remote computer
US20070083914A1 (en) * 2004-04-28 2007-04-12 Jonathan Griffin Propagation of malicious code through an information technology network
US20070288625A1 (en) * 2006-06-07 2007-12-13 Al Chakra System and Method to Optimally Manage Performance's Virtual Users and Test Cases
US7310671B1 (en) * 2000-02-10 2007-12-18 Paradyne Corporation System and method for a trouble shooting portal to allow temporary management access to a communication device
US20080020769A1 (en) * 2005-10-27 2008-01-24 Parekh Nileshkumar J Tune-away and cross paging systems and methods
US20080168555A1 (en) * 2003-09-08 2008-07-10 Mailfrontier, Inc. Fraudulent Message Detection
US20090100507A1 (en) * 2007-10-10 2009-04-16 Johnson R Brent System to audit, monitor and control access to computers
US20090240816A1 (en) * 1998-09-11 2009-09-24 Rpx-Lv Acquisiton Llc Method and apparatus for accessing a remote location with an optical reader having a programmable memory system
US7739353B2 (en) 1998-09-11 2010-06-15 Rpx-Lv Acquisition Llc Launching a web site using a personal device
US7822829B2 (en) 1998-09-11 2010-10-26 Rpx-Lv Acquisition Llc Method for interfacing scanned product information with a source for the product over a global network
US7819316B2 (en) 1998-09-11 2010-10-26 Lv Partners, L.P. Portable scanner for enabling automatic commerce transactions
US7870189B2 (en) 1998-09-11 2011-01-11 Rpx-Lv Acquisition Llc Input device having positional and scanning capabilities
US7870239B1 (en) * 1998-06-30 2011-01-11 Emc Corporation Method and system for securing network access to dynamically updateable data stored in a data storage system
US7904344B2 (en) 1998-09-11 2011-03-08 Rpx-Lv Acquisition Llc Accessing a vendor web site using personal account information retrieved from a credit card company web site
US7908467B2 (en) 1998-09-11 2011-03-15 RPX-LV Acquistion LLC Automatic configuration of equipment software
US7925780B2 (en) 1998-09-11 2011-04-12 Rpx-Lv Acquisition Llc Method for connecting a wireless device to a remote location on a network
US20110099621A1 (en) * 2002-04-22 2011-04-28 Nicholas Lizarraga Process for monitoring, filtering and caching internet connections
US7979576B2 (en) 1998-09-11 2011-07-12 Rpx-Lv Acquisition Llc Method and apparatus for connecting a user location to one of a plurality of destination locations on a network
US8005985B2 (en) 1998-09-11 2011-08-23 RPX—LV Acquisition LLC Method and apparatus for utilizing an audibly coded signal to conduct commerce over the internet
US8045565B1 (en) 2001-11-20 2011-10-25 Brookline Flolmstead Llc Method and apparatus for an environmentally hardened ethernet network system
USRE43163E1 (en) 1999-05-14 2012-02-07 Brookline Flolmstead Llc High-speed network of independently linked nodes
US20130014241A1 (en) * 2006-01-13 2013-01-10 Google Inc. Providing Selective Access To A Web Site
US8595146B1 (en) 2004-03-15 2013-11-26 Aol Inc. Social networking permissions
US8898777B1 (en) * 2011-10-14 2014-11-25 Symantec Corporation Systems and methods for detecting user activities to identify deceptive activity
US9116906B2 (en) * 2012-06-12 2015-08-25 Sap Se Centralized read access logging
US9197602B2 (en) 2002-06-07 2015-11-24 Hewlett-Packard Development Company, L.P. Propagation of viruses through an information technology network
US9652743B2 (en) 2012-05-30 2017-05-16 Sap Se Brainstorming in a cloud environment
US20180013819A1 (en) * 2009-12-17 2018-01-11 Intel Corporation Cloud federation as a service

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000070005A (en) * 1997-01-09 2000-11-25 코페이 스티븐 Monitoring of remote file access on a public computer network
GB9806664D0 (en) * 1998-03-27 1998-05-27 Internet Games Plc A system for directing the retrieval of information over a network
GB2366631B (en) * 2000-03-04 2004-10-20 Ericsson Telefon Ab L M Communication node, communication network and method of recovering from a temporary failure of a node
WO2018089006A1 (en) * 2016-11-10 2018-05-17 Ernest Brickell Balancing public and personal security needs

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5237614A (en) * 1991-06-07 1993-08-17 Security Dynamics Technologies, Inc. Integrated network security system
US5241594A (en) * 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US5572643A (en) * 1995-10-19 1996-11-05 Judson; David H. Web browser with dynamic display of information objects during linking
US5611049A (en) * 1992-06-03 1997-03-11 Pitts; William M. System for accessing distributed data cache channel at each network node to pass requests and data
US5682478A (en) * 1995-01-19 1997-10-28 Microsoft Corporation Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
US5696898A (en) * 1995-06-06 1997-12-09 Lucent Technologies Inc. System and method for database access control
US5706507A (en) * 1995-07-05 1998-01-06 International Business Machines Corporation System and method for controlling access to data located on a content server
US5892902A (en) * 1996-09-05 1999-04-06 Clark; Paul C. Intelligent token protected system with network authentication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4961224A (en) * 1989-03-06 1990-10-02 Darby Yung Controlling access to network resources
US5032979A (en) * 1990-06-22 1991-07-16 International Business Machines Corporation Distributed security auditing subsystem for an operating system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5237614A (en) * 1991-06-07 1993-08-17 Security Dynamics Technologies, Inc. Integrated network security system
US5241594A (en) * 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US5611049A (en) * 1992-06-03 1997-03-11 Pitts; William M. System for accessing distributed data cache channel at each network node to pass requests and data
US5682478A (en) * 1995-01-19 1997-10-28 Microsoft Corporation Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
US5696898A (en) * 1995-06-06 1997-12-09 Lucent Technologies Inc. System and method for database access control
US5706507A (en) * 1995-07-05 1998-01-06 International Business Machines Corporation System and method for controlling access to data located on a content server
US5572643A (en) * 1995-10-19 1996-11-05 Judson; David H. Web browser with dynamic display of information objects during linking
US5892902A (en) * 1996-09-05 1999-04-06 Clark; Paul C. Intelligent token protected system with network authentication

Non-Patent Citations (12)

* Cited by examiner, † Cited by third party
Title
"Microsystems Announces Cyber Patrol Proxy to Support Microsoft's Proxy Server: Filtering Software Available at a Discount for Users of the Microsoft Proxy Server", Microsystems Software, Inc. Press Release, Oct. 28, 1996, 3 pages.
"Microsystems Announces Immediate Availability of Cyber Patrol Proxy for Microsoft's Proxy Server: Internet Filtering Solution Extends Microsystems' Presence in Corporate Markets; Company Plans for Integration With Additional Proxy Servers", Microsystems Software, Inc. Press Release, Jul. 31, 1996, 3 pages.
"Microsystems Releases Cyber Corporate for Office and Business Use: Leading Internet Filter Lets Businesses Restrict Content Not Suited to the Office", Microsystems Software, Inc. Press Release, Nov. 18, 1996, 3 pages.
"Spyglass Previews SurfWatch ProServer: First Internet Proxy Server With SurfWatch Filtering Built-In; SurfWatch ProServer Allows Content Choices and Improves Network Performance for Corporations, Schools, and Internet Providers", Spyglass Inc. Press Release, Jul. 30, 1996, 3 pages.
"SurfWatch ProServer from Spyglass", Spyglass Inc. Products and Services Guide, 4 pages.
Georgia, Bonny L., "Smut Stoppers: Five Internet blocking packages for your family", Family PC, Mar. 1996, 5 pages.
Georgia, Bonny L., Smut Stoppers: Five Internet blocking packages for your family , Family PC , Mar. 1996, 5 pages. *
Microsystems Announces Cyber Patrol Proxy to Support Microsoft s Proxy Server: Filtering Software Available at a Discount for Users of the Microsoft Proxy Server , Microsystems Software, Inc. Press Release, Oct. 28, 1996, 3 pages. *
Microsystems Announces Immediate Availability of Cyber Patrol Proxy for Microsoft s Proxy Server: Internet Filtering Solution Extends Microsystems Presence in Corporate Markets; Company Plans for Integration With Additional Proxy Servers , Microsystems Software, Inc. Press Release, Jul. 31, 1996, 3 pages. *
Microsystems Releases Cyber Corporate for Office and Business Use: Leading Internet Filter Lets Businesses Restrict Content Not Suited to the Office , Microsystems Software, Inc. Press Release, Nov. 18, 1996, 3 pages. *
Spyglass Previews SurfWatch ProServer: First Internet Proxy Server With SurfWatch Filtering Built In; SurfWatch ProServer Allows Content Choices and Improves Network Performance for Corporations, Schools, and Internet Providers , Spyglass Inc. Press Release, Jul. 30, 1996, 3 pages. *
SurfWatch ProServer from Spyglass , Spyglass Inc. Products and Services Guide, 4 pages. *

Cited By (82)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050114218A1 (en) * 1996-01-17 2005-05-26 Privacy Infrastructure, Inc. Third party privacy system
US6381632B1 (en) * 1996-09-10 2002-04-30 Youpowered, Inc. Method and apparatus for tracking network usage
US6549944B1 (en) * 1996-10-15 2003-04-15 Mercury Interactive Corporation Use of server access logs to generate scripts and scenarios for exercising and evaluating performance of web sites
US6314386B1 (en) * 1997-10-15 2001-11-06 Venture Union Inc. Site access log analyzing method and method of displaying the same
US20040003075A1 (en) * 1998-02-09 2004-01-01 Reuters, Ltd. Market data domain and enterprise system implemented by a master entitlement processor
US8195780B2 (en) * 1998-02-09 2012-06-05 Reuters, Ltd. Market data domain and enterprise system implemented by a master entitlement processor
US7870239B1 (en) * 1998-06-30 2011-01-11 Emc Corporation Method and system for securing network access to dynamically updateable data stored in a data storage system
US7925780B2 (en) 1998-09-11 2011-04-12 Rpx-Lv Acquisition Llc Method for connecting a wireless device to a remote location on a network
US7819316B2 (en) 1998-09-11 2010-10-26 Lv Partners, L.P. Portable scanner for enabling automatic commerce transactions
US8069098B2 (en) 1998-09-11 2011-11-29 Rpx-Lv Acquisition Llc Input device for allowing interface to a web site in association with a unique input code
US7739353B2 (en) 1998-09-11 2010-06-15 Rpx-Lv Acquisition Llc Launching a web site using a personal device
US8005985B2 (en) 1998-09-11 2011-08-23 RPX—LV Acquisition LLC Method and apparatus for utilizing an audibly coded signal to conduct commerce over the internet
US6836799B1 (en) * 1998-09-11 2004-12-28 L.V. Partners, L.P. Method and apparatus for tracking user profile and habits on a global network
US8296440B2 (en) 1998-09-11 2012-10-23 Rpx Corporation Method and apparatus for accessing a remote location with an optical reader having a programmable memory system
US7904344B2 (en) 1998-09-11 2011-03-08 Rpx-Lv Acquisition Llc Accessing a vendor web site using personal account information retrieved from a credit card company web site
US7822829B2 (en) 1998-09-11 2010-10-26 Rpx-Lv Acquisition Llc Method for interfacing scanned product information with a source for the product over a global network
US7979576B2 (en) 1998-09-11 2011-07-12 Rpx-Lv Acquisition Llc Method and apparatus for connecting a user location to one of a plurality of destination locations on a network
US7908467B2 (en) 1998-09-11 2011-03-15 RPX-LV Acquistion LLC Automatic configuration of equipment software
US7912760B2 (en) 1998-09-11 2011-03-22 Rpx-Lv Acquisition Llc Method and apparatus for utilizing a unique transaction code to update a magazine subscription over the internet
US7912961B2 (en) 1998-09-11 2011-03-22 Rpx-Lv Acquisition Llc Input device for allowing input of unique digital code to a user's computer to control access thereof to a web site
US7870189B2 (en) 1998-09-11 2011-01-11 Rpx-Lv Acquisition Llc Input device having positional and scanning capabilities
US20090240816A1 (en) * 1998-09-11 2009-09-24 Rpx-Lv Acquisiton Llc Method and apparatus for accessing a remote location with an optical reader having a programmable memory system
USRE43163E1 (en) 1999-05-14 2012-02-07 Brookline Flolmstead Llc High-speed network of independently linked nodes
US7072407B2 (en) 2000-01-31 2006-07-04 Brookline Flolmstead Llc Combination power and full duplex data cable
US7835350B2 (en) 2000-02-09 2010-11-16 Anderson Keith R Prioritizing data transmissions using the number of associated origin addresses
US20050249116A1 (en) * 2000-02-09 2005-11-10 Anderson Keith R System and method for prioritizing data transmissions
US6931003B2 (en) 2000-02-09 2005-08-16 Bookline Flolmstead Llc Packet prioritization protocol for a large-scale, high speed computer network
US20010025301A1 (en) * 2000-02-09 2001-09-27 Anderson Keith R. Packet prioritization protocol for a large-scale, high speed computer network
US7310671B1 (en) * 2000-02-10 2007-12-18 Paradyne Corporation System and method for a trouble shooting portal to allow temporary management access to a communication device
US7359951B2 (en) * 2000-08-08 2008-04-15 Aol Llc, A Delaware Limited Liability Company Displaying search results
US20060242128A1 (en) * 2000-08-08 2006-10-26 Surendra Goel Searching content on web pages
US20060184515A1 (en) * 2000-08-08 2006-08-17 America Online, Inc., A Delaware Corporation Category searching
US7970750B2 (en) 2000-08-08 2011-06-28 Aol Inc. Category searching
US7523103B2 (en) 2000-08-08 2009-04-21 Aol Llc Category searching
US7558805B2 (en) 2000-08-08 2009-07-07 Aol Llc Searching content on web pages
US20090177655A1 (en) * 2000-08-08 2009-07-09 Aol Llc Category searching
US7984061B1 (en) 2000-08-08 2011-07-19 Aol Inc. Displaying search results
US20020103797A1 (en) * 2000-08-08 2002-08-01 Surendra Goel Displaying search results
US8045565B1 (en) 2001-11-20 2011-10-25 Brookline Flolmstead Llc Method and apparatus for an environmentally hardened ethernet network system
US20030105815A1 (en) * 2001-12-05 2003-06-05 Ibm Corporation Apparatus and method for monitoring and analyzing instant messaging account transcripts
US7194536B2 (en) 2001-12-05 2007-03-20 International Business Machines Corporation Apparatus and method for monitoring and analyzing instant messaging account transcripts
US20050198323A1 (en) * 2002-03-06 2005-09-08 Arvind Ramaswamy Method and system for a network management console
US8676972B2 (en) * 2002-03-06 2014-03-18 Hewlett-Packard Development Company, L.P. Method and system for a network management console
US20110099621A1 (en) * 2002-04-22 2011-04-28 Nicholas Lizarraga Process for monitoring, filtering and caching internet connections
US9648038B2 (en) 2002-06-07 2017-05-09 Hewlett Packard Enterprise Development Lp Propagation of viruses through an information technology network
US9197602B2 (en) 2002-06-07 2015-11-24 Hewlett-Packard Development Company, L.P. Propagation of viruses through an information technology network
US20030233447A1 (en) * 2002-06-13 2003-12-18 International Business Machines Corporation Apparatus and methods for monitoring content requested by a client device
US8046624B2 (en) * 2002-10-19 2011-10-25 Hewlett-Packard Development Company, L.P. Propagation of viruses through an information technology network
US20040083372A1 (en) * 2002-10-19 2004-04-29 Hewlett-Packard Development Company, L.C. Propagation of viruses through an information technology network
US20040123158A1 (en) * 2002-12-18 2004-06-24 James Roskind Using trusted communication channel to combat user name/password theft
US6938167B2 (en) 2002-12-18 2005-08-30 America Online, Inc. Using trusted communication channel to combat user name/password theft
US7591004B2 (en) 2002-12-18 2009-09-15 Aol Llc, A Delaware Limited Liability Company Using trusted communication channel to combat user name/password theft
US20050262564A1 (en) * 2002-12-18 2005-11-24 James Roskind Using trusted communication channel to combat user name/password theft
WO2004086726A1 (en) * 2003-03-24 2004-10-07 Savantis Systems, Inc. Network service security
US20040218615A1 (en) * 2003-04-29 2004-11-04 Hewlett-Packard Development Company, L.P. Propagation of viruses through an information technology network
US7796515B2 (en) 2003-04-29 2010-09-14 Hewlett-Packard Development Company, L.P. Propagation of viruses through an information technology network
US8661545B2 (en) 2003-09-08 2014-02-25 Sonicwall, Inc. Classifying a message based on fraud indicators
US20080168555A1 (en) * 2003-09-08 2008-07-10 Mailfrontier, Inc. Fraudulent Message Detection
US8984289B2 (en) 2003-09-08 2015-03-17 Sonicwall, Inc. Classifying a message based on fraud indicators
US7665140B2 (en) 2003-09-08 2010-02-16 Sonicwall, Inc. Fraudulent message detection
US7451487B2 (en) 2003-09-08 2008-11-11 Sonicwall, Inc. Fraudulent message detection
US10367860B2 (en) 2004-03-15 2019-07-30 Oath Inc. Social networking permissions
US8595146B1 (en) 2004-03-15 2013-11-26 Aol Inc. Social networking permissions
US20110173675A9 (en) * 2004-04-28 2011-07-14 Jonathan Griffin Propagation of malicious code through an information technology network
US20070083914A1 (en) * 2004-04-28 2007-04-12 Jonathan Griffin Propagation of malicious code through an information technology network
US20060265468A1 (en) * 2004-09-07 2006-11-23 Iwanski Jerry S System and method for accessing host computer via remote computer
US7814216B2 (en) * 2004-09-07 2010-10-12 Route 1 Inc. System and method for accessing host computer via remote computer
US10673985B2 (en) 2005-04-04 2020-06-02 Oath Inc. Router-host logging
US9438683B2 (en) * 2005-04-04 2016-09-06 Aol Inc. Router-host logging
US20060242294A1 (en) * 2005-04-04 2006-10-26 Damick Jeffrey J Router-host logging
US20080020769A1 (en) * 2005-10-27 2008-01-24 Parekh Nileshkumar J Tune-away and cross paging systems and methods
US20130014241A1 (en) * 2006-01-13 2013-01-10 Google Inc. Providing Selective Access To A Web Site
US7908382B2 (en) 2006-06-07 2011-03-15 International Business Machines Corporation System and method to optimally manage performance's virtual users and test cases
US20070288625A1 (en) * 2006-06-07 2007-12-13 Al Chakra System and Method to Optimally Manage Performance's Virtual Users and Test Cases
US8561136B2 (en) * 2007-10-10 2013-10-15 R. Brent Johnson System to audit, monitor and control access to computers
US20090100507A1 (en) * 2007-10-10 2009-04-16 Johnson R Brent System to audit, monitor and control access to computers
US11044305B2 (en) 2009-12-17 2021-06-22 Intel Corporation Cloud federation as a service
US20180013819A1 (en) * 2009-12-17 2018-01-11 Intel Corporation Cloud federation as a service
US10298665B2 (en) * 2009-12-17 2019-05-21 Intel Corporation Cloud federation as a service
US8898777B1 (en) * 2011-10-14 2014-11-25 Symantec Corporation Systems and methods for detecting user activities to identify deceptive activity
US9652743B2 (en) 2012-05-30 2017-05-16 Sap Se Brainstorming in a cloud environment
US9116906B2 (en) * 2012-06-12 2015-08-25 Sap Se Centralized read access logging

Also Published As

Publication number Publication date
EP1008087B1 (en) 2004-03-17
WO1998027502A1 (en) 1998-06-25
EP1008087A4 (en) 2002-01-02
DE69728182D1 (en) 2004-04-22
EP1008087A1 (en) 2000-06-14
DE69728182T2 (en) 2004-10-14
AU5605698A (en) 1998-07-15

Similar Documents

Publication Publication Date Title
US6122740A (en) Method and apparatus for remote network access logging and reporting
US6256671B1 (en) Method and apparatus for providing network access control using a domain name system
US7506055B2 (en) System and method for filtering of web-based content stored on a proxy cache server
US7818435B1 (en) Reverse proxy mechanism for retrieving electronic content associated with a local network
US8788528B2 (en) Filtering cached content based on embedded URLs
RU2336561C2 (en) Content filtering in process of web-viewing
US8566907B2 (en) Multiple user login detection and response system
US7827280B2 (en) System and method for domain name filtering through the domain name system
US6993588B2 (en) System and methods for securely permitting mobile code to access resources over a network
US8584240B1 (en) Community scan for web threat protection
US6910077B2 (en) System and method for identifying cloaked web servers
US20040073629A1 (en) Method of accessing internet resources through a proxy with improved security
US20040078602A1 (en) Method and system for sharing storage space on a computer
US20090287705A1 (en) Managing website blacklists
JP2003233623A (en) Adaptation system and adaptation method for filtering
JPH0926975A (en) System and method for database access control
US20050044223A1 (en) Method and apparatus for entitlement based dynamic sampling
JP2002512411A (en) Access control method and device
US8060629B2 (en) System and method for managing information requests
JP2009507298A (en) Data communication with remote network nodes
JP2004520654A (en) Cracker tracking system and method, and authentication system and method using the same
KR100388137B1 (en) Extension of browser web page content labels and password checking to communications protocols
US20060018264A1 (en) Opened network connection control method, opened network connection control system, connection control unit and recording medium
KR100327989B1 (en) Method and apparatus for blocking access to illegal and harmful internet contents on the distributed environment
WO2002077852A1 (en) Method and system for restricting access to specific internet sites and lan card for the same

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ANDERSEN, DAVID B.;REEL/FRAME:008361/0688

Effective date: 19961218

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12